How to blunt spear phishing attacks

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

Hackers need only a single malicious link or email to crack your corporate security. These simple steps help keep phishing attacks at bay

According to Allen Paller, director of research at the SANS Institute, 95 percent of all attacks on enterprise networks are the result of successful spear phishing. In other words, somebody received an email and either clicked on a link or opened a file that they weren't supposed to.

For example, Chinese hackers successfully broke into computers at The New York Times through spear phishing. So what are the steps that IT execs can take to protect enterprise networks from spear phishing?

[MORE SCAMS: Tis the season for tax scammers]

Jim Hansen of PhishMe, a company that provides anti-phishing training programs, says most spear phishing attacks take one of two tacks -- they either appeal to human greed or fear. In other words, either they offer money, coupons, discounts or bargains that are too good to be true. Or they announce that your checking account or eBay account has been frozen and you need to re-enter your credentials, or some other scenario in which you are required to enter personal information .... or else.

While regular phishing typically involves unsophisticated mass mailings, spear phishes can appear to come from your own IT department, from your own payroll department, from a friend or colleague.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies